📄 circuitbuild.c
字号:
(n_conn->_base.or_is_obsolete &&
router_digest_version_as_new_as(firsthop->extend_info->identity_digest,
"0.1.1.9-alpha-cvs"))) {
/* not currently connected */
circ->_base.n_addr = firsthop->extend_info->addr;
circ->_base.n_port = firsthop->extend_info->port;
if (!n_conn || n_conn->_base.or_is_obsolete) { /* launch the connection */
n_conn = connection_or_connect(firsthop->extend_info->addr,
firsthop->extend_info->port,
firsthop->extend_info->identity_digest);
if (!n_conn) { /* connect failed, forget the whole thing */
log_info(LD_CIRC,"connect to firsthop failed. Closing.");
return -END_CIRC_REASON_CONNECTFAILED;
}
}
log_debug(LD_CIRC,"connecting in progress (or finished). Good.");
/* return success. The onion/circuit/etc will be taken care of
* automatically (may already have been) whenever n_conn reaches
* OR_CONN_STATE_OPEN.
*/
return 0;
} else { /* it's already open. use it. */
circ->_base.n_addr = n_conn->_base.addr;
circ->_base.n_port = n_conn->_base.port;
circ->_base.n_conn = n_conn;
log_debug(LD_CIRC,"Conn open. Delivering first onion skin.");
if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) {
log_info(LD_CIRC,"circuit_send_next_onion_skin failed.");
return err_reason;
}
}
return 0;
}
/** Find any circuits that are waiting on <b>or_conn</b> to become
* open and get them to send their create cells forward.
*
* Status is 1 if connect succeeded, or 0 if connect failed.
*/
void
circuit_n_conn_done(or_connection_t *or_conn, int status)
{
smartlist_t *pending_circs;
int err_reason = 0;
log_debug(LD_CIRC,"or_conn to %s, status=%d",
or_conn->nickname ? or_conn->nickname : "NULL", status);
pending_circs = smartlist_create();
circuit_get_all_pending_on_or_conn(pending_circs, or_conn);
SMARTLIST_FOREACH(pending_circs, circuit_t *, circ,
{
/* These checks are redundant wrt get_all_pending_on_or_conn, but I'm
* leaving them in in case it's possible for the status of a circuit to
* change as we're going down the list. */
if (circ->marked_for_close || circ->n_conn ||
circ->state != CIRCUIT_STATE_OR_WAIT)
continue;
if (tor_digest_is_zero(circ->n_conn_id_digest)) {
/* Look at addr/port. This is an unkeyed connection. */
if (circ->n_addr != or_conn->_base.addr ||
circ->n_port != or_conn->_base.port)
continue;
/* now teach circ the right identity_digest */
memcpy(circ->n_conn_id_digest, or_conn->identity_digest, DIGEST_LEN);
} else {
/* We expected a key. See if it's the right one. */
if (memcmp(or_conn->identity_digest,
circ->n_conn_id_digest, DIGEST_LEN))
continue;
}
if (!status) { /* or_conn failed; close circ */
log_info(LD_CIRC,"or_conn failed. Closing circ.");
circuit_mark_for_close(circ, END_CIRC_REASON_OR_CONN_CLOSED);
continue;
}
log_debug(LD_CIRC, "Found circ, sending create cell.");
/* circuit_deliver_create_cell will set n_circ_id and add us to
* orconn_circuid_circuit_map, so we don't need to call
* set_circid_orconn here. */
circ->n_conn = or_conn;
if (CIRCUIT_IS_ORIGIN(circ)) {
if ((err_reason =
circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ))) < 0) {
log_info(LD_CIRC,
"send_next_onion_skin failed; circuit marked for closing.");
circuit_mark_for_close(circ, -err_reason);
continue;
/* XXX could this be bad, eg if next_onion_skin failed because conn
* died? */
}
} else {
/* pull the create cell out of circ->onionskin, and send it */
tor_assert(circ->n_conn_onionskin);
if (circuit_deliver_create_cell(circ,CELL_CREATE,
circ->n_conn_onionskin)<0) {
circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);
continue;
}
tor_free(circ->n_conn_onionskin);
circuit_set_state(circ, CIRCUIT_STATE_OPEN);
}
});
smartlist_free(pending_circs);
}
/** Find a new circid that isn't currently in use on the circ->n_conn
* for the outgoing
* circuit <b>circ</b>, and deliver a cell of type <b>cell_type</b>
* (either CELL_CREATE or CELL_CREATE_FAST) with payload <b>payload</b>
* to this circuit.
* Return -1 if we failed to find a suitable circid, else return 0.
*/
static int
circuit_deliver_create_cell(circuit_t *circ, uint8_t cell_type,
const char *payload)
{
cell_t cell;
uint16_t id;
tor_assert(circ);
tor_assert(circ->n_conn);
tor_assert(payload);
tor_assert(cell_type == CELL_CREATE || cell_type == CELL_CREATE_FAST);
id = get_unique_circ_id_by_conn(circ->n_conn);
if (!id) {
log_warn(LD_CIRC,"failed to get unique circID.");
return -1;
}
log_debug(LD_CIRC,"Chosen circID %u.", id);
circuit_set_n_circid_orconn(circ, id, circ->n_conn);
memset(&cell, 0, sizeof(cell_t));
cell.command = cell_type;
cell.circ_id = circ->n_circ_id;
memcpy(cell.payload, payload, ONIONSKIN_CHALLENGE_LEN);
append_cell_to_circuit_queue(circ, circ->n_conn, &cell, CELL_DIRECTION_OUT);
if (CIRCUIT_IS_ORIGIN(circ)) {
/* mark it so it gets better rate limiting treatment. */
circ->n_conn->client_used = time(NULL);
}
return 0;
}
/** We've decided to start our reachability testing. If all
* is set, log this to the user. Return 1 if we did, or 0 if
* we chose not to log anything. */
int
inform_testing_reachability(void)
{
char dirbuf[128];
routerinfo_t *me = router_get_my_routerinfo();
if (!me)
return 0;
if (me->dir_port)
tor_snprintf(dirbuf, sizeof(dirbuf), " and DirPort %s:%d",
me->address, me->dir_port);
log(LOG_NOTICE, LD_OR, "Now checking whether ORPort %s:%d%s %s reachable... "
"(this may take up to %d minutes -- look for log "
"messages indicating success)",
me->address, me->or_port,
me->dir_port ? dirbuf : "",
me->dir_port ? "are" : "is",
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60);
return 1;
}
/** Return true iff we should send a create_fast cell to build a circuit
* starting at <b>router</b>. (If <b>router</b> is NULL, we don't have
* information on the router, so assume true.) */
static INLINE int
should_use_create_fast_for_router(routerinfo_t *router,
origin_circuit_t *circ)
{
or_options_t *options = get_options();
if (!options->FastFirstHopPK) /* create_fast is disabled */
return 0;
if (router && router->platform &&
!tor_version_as_new_as(router->platform, "0.1.0.6-rc")) {
/* known not to work */
return 0;
}
if (server_mode(options) && circ->cpath->extend_info->onion_key) {
/* We're a server, and we know an onion key. We can choose.
* Prefer to blend in. */
return 0;
}
return 1;
}
/** This is the backbone function for building circuits.
*
* If circ's first hop is closed, then we need to build a create
* cell and send it forward.
*
* Otherwise, we need to build a relay extend cell and send it
* forward.
*
* Return -reason if we want to tear down circ, else return 0.
*/
int
circuit_send_next_onion_skin(origin_circuit_t *circ)
{
crypt_path_t *hop;
routerinfo_t *router;
char payload[2+4+DIGEST_LEN+ONIONSKIN_CHALLENGE_LEN];
char *onionskin;
size_t payload_len;
tor_assert(circ);
if (circ->cpath->state == CPATH_STATE_CLOSED) {
int fast;
uint8_t cell_type;
log_debug(LD_CIRC,"First skin; sending create cell.");
router = router_get_by_digest(circ->_base.n_conn->identity_digest);
fast = should_use_create_fast_for_router(router, circ);
if (!fast && !circ->cpath->extend_info->onion_key) {
log_warn(LD_CIRC,
"Can't send create_fast, but have no onion key. Failing.");
return - END_CIRC_REASON_INTERNAL;
}
if (!fast) {
/* We are an OR, or we are connecting to an old Tor: we should
* send an old slow create cell.
*/
cell_type = CELL_CREATE;
if (onion_skin_create(circ->cpath->extend_info->onion_key,
&(circ->cpath->dh_handshake_state),
payload) < 0) {
log_warn(LD_CIRC,"onion_skin_create (first hop) failed.");
return - END_CIRC_REASON_INTERNAL;
}
} else {
/* We are not an OR, and we're building the first hop of a circuit to a
* new OR: we can be speedy and use CREATE_FAST to save an RSA operation
* and a DH operation. */
cell_type = CELL_CREATE_FAST;
memset(payload, 0, sizeof(payload));
crypto_rand(circ->cpath->fast_handshake_state,
sizeof(circ->cpath->fast_handshake_state));
memcpy(payload, circ->cpath->fast_handshake_state,
sizeof(circ->cpath->fast_handshake_state));
}
if (circuit_deliver_create_cell(TO_CIRCUIT(circ), cell_type, payload) < 0)
return - END_CIRC_REASON_RESOURCELIMIT;
circ->cpath->state = CPATH_STATE_AWAITING_KEYS;
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING);
log_info(LD_CIRC,"First hop: finished sending %s cell to '%s'",
fast ? "CREATE_FAST" : "CREATE",
router ? router->nickname : "<unnamed>");
} else {
tor_assert(circ->cpath->state == CPATH_STATE_OPEN);
tor_assert(circ->_base.state == CIRCUIT_STATE_BUILDING);
log_debug(LD_CIRC,"starting to send subsequent skin.");
hop = onion_next_hop_in_cpath(circ->cpath);
if (!hop) {
/* done building the circuit. whew. */
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OPEN);
log_info(LD_CIRC,"circuit built!");
circuit_reset_failure_count(0);
if (!has_completed_circuit && !circ->build_state->onehop_tunnel) {
or_options_t *options = get_options();
has_completed_circuit=1;
/* FFFF Log a count of known routers here */
log(LOG_NOTICE, LD_GENERAL,
"Tor has successfully opened a circuit. "
"Looks like client functionality is working.");
control_event_client_status(LOG_NOTICE, "CIRCUIT_ESTABLISHED");
if (server_mode(options) && !check_whether_orport_reachable()) {
inform_testing_reachability();
consider_testing_reachability(1, 1);
}
}
circuit_rep_hist_note_result(circ);
circuit_has_opened(circ); /* do other actions as necessary */
return 0;
}
set_uint32(payload, htonl(hop->extend_info->addr));
set_uint16(payload+4, htons(hop->extend_info->port));
onionskin = payload+2+4;
memcpy(payload+2+4+ONIONSKIN_CHALLENGE_LEN,
hop->extend_info->identity_digest, DIGEST_LEN);
payload_len = 2+4+ONIONSKIN_CHALLENGE_LEN+DIGEST_LEN;
if (onion_skin_create(hop->extend_info->onion_key,
&(hop->dh_handshake_state), onionskin) < 0) {
log_warn(LD_CIRC,"onion_skin_create failed.");
return - END_CIRC_REASON_INTERNAL;
}
log_info(LD_CIRC,"Sending extend relay cell.");
/* send it to hop->prev, because it will transfer
* it to a create cell and then send to hop */
if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
RELAY_COMMAND_EXTEND,
payload, payload_len, hop->prev) < 0)
return 0; /* circuit is closed */
hop->state = CPATH_STATE_AWAITING_KEYS;
}
return 0;
}
/** Our clock just jumped by <b>seconds_elapsed</b>. Assume
* something has also gone wrong with our network: notify the user,
* and abandon all not-yet-used circuits. */
void
circuit_note_clock_jumped(int seconds_elapsed)
{
int severity = server_mode(get_options()) ? LOG_WARN : LOG_NOTICE;
log(severity, LD_GENERAL, "Your system clock just jumped %d seconds %s; "
"assuming established circuits no longer work.",
seconds_elapsed >=0 ? seconds_elapsed : -seconds_elapsed,
seconds_elapsed >=0 ? "forward" : "backward");
control_event_general_status(LOG_WARN, "CLOCK_JUMPED TIME=%d",
seconds_elapsed);
has_completed_circuit=0; /* so it'll log when it works again */
control_event_client_status(severity, "CIRCUIT_NOT_ESTABLISHED REASON=%s",
"CLOCK_JUMPED");
circuit_mark_all_unused_circs();
circuit_expire_all_dirty_circs();
}
/** Take the 'extend' cell, pull out addr/port plus the onion skin. Make
* sure we're connected to the next hop, and pass it the onion skin using
* a create cell. Return -1 if we want to warn and tear down the circuit,
* else return 0.
*/
int
circuit_extend(cell_t *cell, circuit_t *circ)
{
or_connection_t *n_conn;
relay_header_t rh;
char *onionskin;
char *id_digest=NULL;
if (circ->n_conn) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"n_conn already set. Bug/attack. Closing.");
return -1;
}
if (!server_mode(get_options())) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Got an extend cell, but running as a client. Closing.");
return -1;
}
relay_header_unpack(&rh, cell->payload);
if (rh.length < 4+2+ONIONSKIN_CHALLENGE_LEN+DIGEST_LEN) {
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -